I have a question about stream functionalities - permissions to be exact.
We have multiple streams set up and they all have messages removed from the “All messages” stream, so there is nothing there at the moment.
I created another stream. I created a reader role that has permissions only for that stream (read and edit). I gave the role to a user etcetc.
Then the user contacted me and said that he sees some odd stuff in his stream after placing rules matching his log data. It seems that you can edit a stream to get whatever data you want (by accident or purposely).
So I tested it and got to see everything there is.
Is this how Graylog is meant to function? If it is, we just have to work around it. I just wanted to make sure if this is the right behaviour.
Graylog versions: 3.2.4
MongoDB vesion: 4.0.12
Elasticsearch version: 6.8.2